Hi,

I've been experiencing problems with my webmail server: the firewall blocks my IP address with the message:

xxx.xxx.xxx.xxx# lfd: (imapd) Failed IMAP login from xxx.xxx.xxx.xxx (CA/Canada/bas1-quebec15-3096557528.dsl.bell.ca): 10 in the last 3600 secs - Fri Nov 21 07:20:13 2014

But I have NO IMAP account anymore (only 1 POP3). So I've launched several programs to find out about this weird connection, which blocks my IP address from my server even when my laptop is OFF (at 7:20 am this morning I was sleeping and my laptop was closed).

In Wireshark, I see some connections to my ex-husband's PC, but I'm not sure how to interpret what I read. Can anybody help me?

Here is the report: http://www.cbwebconception.com/rep_wireshark21nov2014.pcapng

The lines which make me afraid are from 1 to 22 (the beginning), where ERIC-PC is displayed (my ex-husband's laptop, but my ex-husband lives 700 km from me, in GASPE). His IP address is 75.152.63.26, and this IP address is on lines 19 to 22 (it's a globetrotter / TELUS connection).

Please, can you help me? I'm afraid my ex-husband has access to my e-mail and/or files.

Thank you,
Chris

asked 21 Nov '14, 11:04 Chris427
2 Answers:
The lines 19 to 22 are Windows file share (SMB/CIFS) connection attempts, but they fail. For some reason your PC tries to access his IP, maybe because you had some sort of mapped share? The DNS packets before that also look for a device called "ERIC-PC", so there is probably something configured on your PC to connect to that IP.

If you don't know what it may be or cannot find out what software/setting this comes from, you should consider reinstalling, just to be safe. Also, just to be sure, you should change all your online passwords. It's the only way to be sure that he can't access your data.

answered 21 Nov '14, 13:03 Jasper
Hi Jasper,

Thank you for your comment.

"The strange thing is that the connection is going out to a public IP - usually, those kinds of sharing connections are made within private networks."

This is strange, yes, and we have never shared anything with our computers. Maybe we had only the local printer in common.

Which is strange too: his IP address in GASPE, 75.152.63.26. Look at this line (from the Wireshark report). What is a TCP Retransmission?

498787 10894.250517000 192.168.5.5 75.152.63.26 TCP 66 [TCP Retransmission] 8036→139 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1

Maybe today he cannot receive anything, but I guess before the 9th of October he could receive.

Thank you,
Chris

answered 21 Nov '14, 16:04 Chris427
Hi Jasper!
Thank you for your comment.
What is "some sort of mapped share"? The device called "ERIC-PC" is my ex-husband. We are in court. Hard time. I had suspected him of reading my e-mail or listening to my phone calls. But now, I'm becoming a bit crazy when I see his laptop name and his IP address on the report.
I don't want to reinstall my system because if he could get my personal information (my e-mail with my attorney, for example), I want to keep the information to prove it.
Do you know how I can see what is sending and what is sent from my laptop to ERIC-PC?
Many thanks for your help,
Chris
Well, often PCs at home are doing peer to peer connections, e.g. to share music, pictures and videos. Microsoft Windows tries to establish these kinds of sharing groups automatically from Windows 7 and up, so maybe your PC was in such a relation to your ex-husband's PC. The strange thing is that the connection is going out to a public IP - usually, those kinds of sharing connections are made within private networks.
In the trace you posted your PC tries to connect to your ex-husband's IP multiple times, but never succeeds. It's all Windows File share, not email or VoIP. You could configure your own firewall to block everything going to that IP, to be sure nothing gets out.
Otherwise, check if you have mapped drives on your PC, e.g. by checking if there is any drive letter in your explorer mapped to something starting with "\\", especially "\\eric-pc".
Maybe it's some sort of application that tries this, so you could also check in the control panel if there is any application you don't need anymore and deinstall it.
If you want to keep the system to prove something you should stop using it and get another PC that you can use instead.
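
An added example, not part of the original posts: one way to check from a Wireshark packet-list text export whether outbound file-share (ports 139/445) connection attempts were ever answered. Only packet 498787 is quoted from the thread; the other sample rows, the host 192.168.5.20 and the function name `smb_attempts` are constructed for illustration.

```python
import re
from collections import defaultdict

# One row of Wireshark's packet-list text export:
# No.  Time  Source  Destination  Protocol  Length  Info
ROW = re.compile(
    r"^\s*\d+\s+[\d.]+\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+\d+\s+(?P<info>.*)$"
)
# Port pair and TCP flags inside the Info column, e.g. "8036→139 [SYN]".
SEG = re.compile(r"(?P<sport>\d+)\s*(?:→|->|>)\s*(?P<dport>\d+)\s+\[(?P<flags>[A-Z, ]+)\]")
SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# Constructed sample; only packet 498787 is quoted from the thread above.
SAMPLE = """\
498785 10885.250101000 192.168.5.5 75.152.63.26 TCP 66 8036→139 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
498786 10888.250322000 192.168.5.5 75.152.63.26 TCP 66 [TCP Retransmission] 8036→139 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
498787 10894.250517000 192.168.5.5 75.152.63.26 TCP 66 [TCP Retransmission] 8036→139 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
498790 10895.000100000 192.168.5.5 192.168.5.20 TCP 66 8040→445 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
498791 10895.000900000 192.168.5.20 192.168.5.5 TCP 66 445→8040 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460
""".splitlines()


def smb_attempts(lines, local_ip):
    """Summarise outbound SMB/NetBIOS connection attempts per remote IP."""
    stats = defaultdict(lambda: {"syn": 0, "retransmitted": 0, "answered": False})
    for line in lines:
        row = ROW.match(line)
        seg = SEG.search(row["info"]) if row else None
        if not seg:
            continue  # not a TCP row, or no port/flag summary in Info
        flags = {f.strip() for f in seg["flags"].split(",")}
        sport, dport = int(seg["sport"]), int(seg["dport"])
        if row["src"] == local_ip and dport in SMB_PORTS and flags == {"SYN"}:
            # Our host is asking to open a file-share connection.
            entry = stats[row["dst"]]
            entry["syn"] += 1
            if "TCP Retransmission" in row["info"]:
                entry["retransmitted"] += 1  # same SYN re-sent: no reply arrived
        elif row["dst"] == local_ip and sport in SMB_PORTS and flags == {"SYN", "ACK"}:
            # The remote side accepted the connection request.
            stats[row["src"]]["answered"] = True
    return dict(stats)


if __name__ == "__main__":
    for ip, s in smb_attempts(SAMPLE, "192.168.5.5").items():
        print(ip, s)
```

A destination that shows SYNs and retransmissions with `answered` still `False` never completed the TCP handshake, so no file-share session was established with it in the rows examined.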